Product
A command injection vulnerability (CVE-2026-6130) exists in chatboxai chatbox versions up to 1.20.0, allowing a remote attacker to execute arbitrary OS commands by manipulating the 'args/env' argument in the StdioClientTransport function, potentially leading to complete system compromise.